From: "Alex O'Ree"
Date: Sun, 16 Jul 2017 10:31:46 -0400
Subject: Re: Getting user role membership without context
To: Tomcat Users List

Thanks for the clarification. To add to my description....

I'm running a task on the user's behalf on a background thread with a task scheduler. I need to get the roles when the task is run in case of a change in role membership between the time the task is scheduled and when it is executed.

It looks like the Digester class loads server.xml and creates the realms but it looks like it's almost entirely done with dynamic class loading. I couldn't narrow down the point in code where Realms are created. Perhaps there's a way to get a reference to the realm via some static reference? I went through the code but could not find a solution.

I also tried extending the UserDatabaseRealm but was unable to get it to fire up (new instance) due to the lack of the calling infrastructure and requisite calls from higher up in the Tomcat code base.

Moving on, I was also poking around in JMX and found that all the users are listed (and clear text passwords are available? not sure if this is the case for digested or encrypted file stores). From this approach, I was able to parse the output and eventually found attributes that list all roles a given user account has (success!). What isn't clear is if this approach will work for LDAP (JNDI) connections or Kerberos setups, SSO setups, etc. It may also be version specific to Tomcat (running 7.0.76 at the moment).

I'd appreciate any feedback on this.
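
Added example, not part of the original message or of the Tomcat code base: a sketch of the in-process JMX lookup the message describes, requesting only the roles attribute and never the password. The `Users:type=User,*` name pattern, the `username` and `rolename` key properties and the `roles` attribute are assumptions about how the user database MBeans are exposed; `FakeUser` is a constructed stand-in so the code runs outside Tomcat.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.List;
import javax.management.*;

public class JmxUserRoles {
    // Key property values may or may not be quoted, so accept both forms.
    static String plain(String v) {
        return v != null && v.startsWith("\"") ? ObjectName.unquote(v) : v;
    }

    // Assumption: user MBeans match Users:type=User,* and expose a "roles"
    // attribute holding the ObjectNames of role MBeans as strings.
    static List<String> rolesOf(MBeanServer mbs, String username) throws Exception {
        List<String> roles = new ArrayList<>();
        for (ObjectName user : mbs.queryNames(new ObjectName("Users:type=User,*"), null)) {
            if (!username.equals(plain(user.getKeyProperty("username")))) continue;
            // Read only "roles"; the password attribute is never requested.
            for (String roleName : (String[]) mbs.getAttribute(user, "roles")) {
                roles.add(plain(new ObjectName(roleName).getKeyProperty("rolename")));
            }
        }
        return roles; // empty if no matching user MBean is registered
    }

    // Constructed stand-in for one user MBean, so the example runs outside Tomcat.
    static class FakeUser implements DynamicMBean {
        public Object getAttribute(String a) throws AttributeNotFoundException {
            if (!"roles".equals(a)) throw new AttributeNotFoundException(a);
            return new String[] {
                "Users:type=Role,rolename=\"manager-gui\",database=UserDatabase",
                "Users:type=Role,rolename=admin,database=UserDatabase" };
        }
        public void setAttribute(Attribute a) { }
        public AttributeList getAttributes(String[] n) { return new AttributeList(); }
        public AttributeList setAttributes(AttributeList l) { return new AttributeList(); }
        public Object invoke(String n, Object[] p, String[] s) { return null; }
        public MBeanInfo getMBeanInfo() {
            return new MBeanInfo(FakeUser.class.getName(), "constructed", null, null, null, null);
        }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        mbs.registerMBean(new FakeUser(), new ObjectName(
            "Users:type=User,username=\"alice\",database=UserDatabase"));
        System.out.println(rolesOf(mbs, "alice")); // user with a registered MBean
        System.out.println(rolesOf(mbs, "bob"));   // user with no MBean
    }
}
```

The lookup only sees accounts that are registered as MBeans under the assumed name pattern, so an empty result means "no such MBean", not "no roles".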